Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,054 advisories

Loading
s2n-quic potential denial of service via crafted stream frames Low
GHSA-475v-pq2g-fp9g was published for s2n-quic (Rust) Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency Low
GHSA-j57r-4qw6-58r3 was published for rusty-paseto (Rust) Nov 7, 2023
techport-om rrrodzilla
Credited to techport-om and rrrodzilla
stellar-strkey vulnerable to panic in SignedPayload::from_payload Moderate
CVE-2023-46135 was published for stellar-strkey (Rust) Oct 25, 2023
yeggor
Credited to yeggor
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse Moderate
GHSA-6878-6wc2-pf5h was published for cocoon (Rust) Oct 24, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
Pleaser privilege escalation vulnerability High
CVE-2023-46277 was published for pleaser (Rust) Oct 20, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2023-45812 was published for apollo-router (Rust) Oct 19, 2023
garypen BrynCooke
BryanBarron jasonbarnett667 shorgi
Credited to garypen, BrynCooke, BryanBarron, jasonbarnett667, and shorgi
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion Moderate
CVE-2024-43806 was published for rustix (Rust) Oct 18, 2023
cyqsimon sigmaSd
popey
Credited to cyqsimon, sigmaSd, and popey
gix-transport code execution vulnerability Moderate
CVE-2023-53158 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan
Credited to EliahKagan
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
Credited to nandita-v
Denial of Service issue in quinn-proto High
CVE-2023-42805 was published for quinn-proto (Rust) Sep 21, 2023
QUICTester
Credited to QUICTester
phonenumber panics on parsing crafted RFC3966 inputs High
CVE-2023-42444 was published for phonenumber (Rust) Sep 21, 2023
sno2 gferon
Credited to sno2 and gferon
blurhash panics on parsing crafted inputs High
CVE-2023-42447 was published for blurhash (Rust) Sep 21, 2023
rubdos
Credited to rubdos
SQLpage vulnerable to public exposure of database credentials Critical
CVE-2023-42454 was published for sqlpage (Rust) Sep 21, 2023
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
rnijveld
Credited to rnijveld
Tungstenite allows remote attackers to cause a denial of service High
CVE-2023-43669 was published for tungstenite (Rust) Sep 21, 2023
bayandin tsal
Credited to bayandin and tsal
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 Low
CVE-2023-41880 was published for wasmtime (Rust) Sep 14, 2023
afonso360
Credited to afonso360
BER/CER/DER decoder panics on invalid input High
CVE-2023-39914 was published for bcder (Rust) Sep 13, 2023
NLnet Labs’ Routinator vulnerable to path traversal Critical
CVE-2023-39916 was published for routinator (Rust) Sep 13, 2023
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
Credited to delroth, Nachtalb, and pshelton-skype
Inventory exposes reference to non-Sync data to an arbitrary thread Moderate
GHSA-36xm-35qq-795w was published for inventory (Rust) Sep 11, 2023
Users vulnerable to unaligned read of `*const *const c_char` pointer Moderate
GHSA-jcr6-4frq-9gjj was published for users (Rust) Sep 11, 2023
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime Moderate
GHSA-ghc8-5cgm-5rpf was published for inventory (Rust) Sep 11, 2023
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service Moderate
CVE-2023-41317 was published for apollo-router (Rust) Sep 7, 2023
nmoutschen abernix
o0Ignition0o BrynCooke peakematt jasonbarnett667 Geal
Credited to nmoutschen, abernix, o0Ignition0o, BrynCooke, peakematt, jasonbarnett667, and Geal
Multiple soundness issues in lexical Low
GHSA-c2hm-mjxv-89r4 was published for lexical (Rust) Sep 4, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database